OBJECTIVE:

TO DEVELOP & DEMONSTRATE THE TOOLS & TECHNOLOGY NECESSARY TO REALIZE TRUSTED C3I SYSTEMS IN AIR FORCE & DOD APPLICATIONS

APPROACH:

EMPHASIZE USE OF FORMAL
                 STATE-OF-THE-ART             DEFICIENCIES

POLICY           ACCESS CONTROL               INTEGRITY
                                              ASSURED SERVICE

MECHANISMS       OPERATING SYSTEM             DISTRIBUTED SYSTEMS
                 GUARDS                       DATABASE MGMT SYS
                                              PARALLEL PROCESSING

VERIFICATION                                  CODE VERIFICATION
                                              TRUSTED COMPILERS
                                              TRUSTED HARDWARE
                                              SOFTWARE ENGINEERING

TESTING          PENETRATION                  STANDARDIZED PROCESS
                 AD HOC PROCESS               AUTOMATED TOOLS
                 LABOR INTENSIVE
COMPUTER SECURITY AREAS OF INTEREST

• SECURITY PROPERTIES MODELING
• SECURE DISTRIBUTED SYSTEMS
• MULTILEVEL SECURE DBMS
• FORMAL VERIFICATION
• CERTIFICATION TECHNOLOGY
ESTABLISHED CONCEPT OF "HOOK-UP" SECURITY

DATABASE INTEGRITY

IMPLEMENTED SECURE SYSTEM DEVELOPMENT ENVIRONMENT ON SUN WORKSTATION

ASSURED SERVICE FOR DISTRIBUTED SYSTEMS

POPULATE ENVIRONMENT WITH GENERIC MODELS OF SECURE SYSTEM COMPONENTS

DATABASE AGGREGATION

EXTEND ENVIRONMENT TO ADDRESS:
DATA INTEGRITY
ASSURED SERVICE

DISTRIBUTED SYSTEMS INTEGRITY
SECURITY POLICY

ACCESS CONTROL
DATA/PROCESS INTEGRITY
DENIAL OF SERVICE

FORMAL DESIGN VERIFICATION

FORMAL CODE VERIFICATION
WHAT IS ROMULUS?

ROMULUS IS A WORKSTATION-BASED, TRUSTED SYSTEM DESIGN ENVIRONMENT TO MODEL, ANALYZE, & VERIFY THE SECURITY PROPERTIES OF TRUSTED, DISTRIBUTED COMPUTER SYSTEMS
COMPONENTS OF ROMULUS

ROMULUS EXTENSIONS

• REQUIREMENTS TOOL INTEGRATION

• ROMULUS/PENELOPE INTEGRATION

• ENHANCED MODELING SUPPORT
ARCHITECTURES

DATABASE SUPPORT ARCHITECTURES
TACTICAL INTEROPERABILITY
INFOSEC WORKSTATION
SURVIVABILITY
MLS DISTRIBUTED OPERATING SYSTEM
THETA PROGRAM HISTORY

• ROME LAB SUPPORT FROM 1985
• CONCEPT EXPLORATION PHASE ("PHASE I"):
  - BBN/ORA, 1985-87
  - STUDY DISTRIBUTED SECURITY; FORMULATE POLICY
  - DESIGN A SECURE DISTRIBUTED OS
  - CARRY OUT A1-LEVEL VERIFICATION FOR ASSURANCE
• DEMONSTRATION/VALIDATION PHASE ("PHASE II"):
  - IMPLEMENT PROTOTYPE
  - B3-LEVEL DESIGN & ASSURANCE




THETA/TRUSTED DBMS INTEGRATION

KNOWLEDGE-BASE SYSTEMS

MLS DBMS DESIGN METHODOLOGY

INTELLIGENT DATABASES
DATA + RULES + KNOWLEDGE
OBJECT-ORIENTED PROGRAMMING
SECURITY POLICY, FORMAL MODEL
DATA VIEWS

MLS MANAGEMENT

MLS RELATIONAL DATA MODEL TARGETED TO A1

TWO SECURITY POLICIES ADDRESS:
MANDATORY/DISCRETIONARY
INTEGRITY

RULE-BASED CLASSIFICATION CONSTRAINTS
POLYINSTANTIATION

FORMAL MODELS, FTLS, & DEMONSTRATION
SCTC LOCK & GEMINI GEMSOS

TAXONOMY OF ARCHITECTURES
DECISION ATTRIBUTES (QUALITATIVE)
ALLOW PRIORITY OF DESIGN FACTORS
ARCHITECTURE CHOICES/TRADE-OFFS
TRUSTED DATABASE FRONT-END

OBJECTIVE:

• DEVELOP & DEMONSTRATE TRUSTED DBMS FRONT-END CAPABILITIES TO SUPPORT
  - MULTILEVEL WORKSTATION INTERFACE
  - MULTILEVEL OUTPUT TECHNOLOGY
  - PRESENTATION TECHNOLOGY
  - WINDOWING
  - TRUSTED DATA LABELS

PROGRAM REQUIREMENTS:

• BUILD TO AT LEAST CLASS B2
• TRUSTED SUBJECT APPROACH
• CLIENT-SERVER ARCHITECTURE
ESTABLISH THEORETICAL FOUNDATIONS
IMPLEMENT PROTOTYPE ENVIRON. TO ESTABLISH FEASIBILITY (BASED ON C)

DEMONSTRATE VIA SDI WEAPONS ASSIGNMENT ALGORITHM

INCORPORATE INTO ADA VERIFICATION ENVIRONMENT

"TOP-TO-BOTTOM" VERIF. ENVIRONMENT

DESIGN & IMPLEMENT A VERIF. ENVIRON. FROM ADA SPEC TO HARDWARE CHIP
USES EXECUTABLE SPECIFICATION LANGUAGE

EMPHASIS TO DATE:
TRUSTED COMPILER
RISC PROCESSOR VERIFICATION

APPLICATION:
TRUSTED ADA COMPILER
SDI CHIP VERIFICATION (RH32)

VERIFICATION TECHNOLOGY ASSESSMENT

EVALUATE EXISTING METHODOLOGIES
DEVELOP MIDTERM REQUIREMENTS
RESEARCH LONG TERM VERIFICATION ISSUES
CERTIFICATION TECHNOLOGY

OBJECTIVE:

DEVELOP A METHODOLOGY & PROVIDE A SET OF TOOLS & TECHNIQUES TO SUPPORT THE SECURE SYSTEM ACCREDITATION/EVALUATION PROCESS & TO AID THE DETERMINATION OF THE DEGREE OF SECURITY PROVIDED BY AUTOMATED INFORMATION SYSTEMS

APPROACH:

• DEFINITIZE EXISTING CERTIFICATION PROCESS
• TAILOR PROCESS TO AIR FORCE NEEDS
• IDENTIFY AREAS AMENABLE TO AUTOMATION
• SURVEY EXISTING TOOLS/TECHNIQUES TO DETERMINE APPLICABILITY TO AIR FORCE SECURITY CERTIFICATION PROCESS
• DEVELOP A METHODOLOGY & NEW TOOLS & TECHNIQUES TO SUPPORT SYSTEM CERTIFICATION & LIFE CYCLE MANAGEMENT

PROJECTED FY93 NEW STARTS